Netmaa Oy ("Company") protects the privacy of data subjects and complies with the European Union's General Data Protection Regulation (2016/679) ("GDPR") and other applicable data protection legislation in all processing of personal data.
"Personal data" means any information relating to a natural person ("data subject") from which he or she can be directly or indirectly identified, as defined in the GDPR. Information which does not directly or indirectly identify the data subject is not personal data.
Kalevantie 7 C
Business ID: 2058390-1
+358 400 484776
Personal data is processed for the following purposes, among others:
The legal basis for the processing of personal data of data subjects is primarily the consent of the data subject or a contractual relationship between the Company and the data subject based on the subscription to a service provided by the Company. The processing of personal data is also based on legal obligations, such as accounting obligations and any statutory reporting obligations.
Personal data is not used for automated decision-making or profiling.
The following information about data subjects is processed:
1. CONTACT DETAILS
Name, position, address, telephone number, e-mail address and date of birth/personal identification number of the data subject/representative of the entity.
2. INFORMATION RELATING TO THE CUSTOMER RELATIONSHIP
Account number, billing and payment information and other information that identifies the customer relationship.
3. CUSTOMER TRANSACTION DATA AND CONTRACT AND SERVICE DATA
Information about the contract between the Company and the data subject or between the Company and the entity representing the data subject, service and order information, customer feedback, and communications, complaints, customer feedback and other business information between the data subject and the Company.
4. BEHAVIOURAL AND TECHNICAL IDENTIFICATION DATA
Monitoring of the data subject's online behaviour and the Company's services, for example by means of cookies or similar technical identification data. The information collected may include, for example, the user's IP address and the pages visited.
5. CONSENTS GIVEN BY THE DATA SUBJECT
Information on the data subject's consent to direct marketing by electronic means (e.g. newsletter) or other processing of personal data, as well as information on the withdrawal of the above-mentioned consents and on the data subject's objections.
The provision of personal data is necessary for the performance of a contract between the Company and the data subject and for the performance of obligations under the law, as well as for the provision of the Company's services.
Sources of information:
Personal data is mainly collected from the data subjects themselves, for example, when making an offer, when concluding a customer contract, during the course of customer relationship management, in connection with marketing and customer meetings, through forms on the website or through social media services.
In addition, for non-therapy services, data may also be collected and updated from registers maintained by third parties where permitted by law.
The retention period and criteria vary from one category of personal data to another, depending on the purpose for which a particular category of personal data is used.
Personal data is processed for the duration of the customer and contractual relationship and for the necessary period after the termination of the customer and contractual relationship.
For entities, the retention of the personal data of the entity's representative depends on how long the data subject acts as the entity's representative towards the Company.
When the personal data is no longer needed as defined above, the data will be deleted within a reasonable period of time, unless there is a legal obligation to keep the data for a longer period of time.
The Company will draw up an appropriate personal data processing agreement with all parties involved in the processing of personal data.
In addition, personal data may be disclosed to public authorities in order to fulfil legal and contractual obligations.
If the Company is involved in a merger, acquisition or other business arrangement, it may need to disclose data subjects' personal data to third parties.
As a rule, personal data is not transferred by the controller outside the EU or EEA. However, in certain situations, data may be transferred outside the EU or EEA to the extent permitted by law. Transfers outside the EU or EEA may take place in connection with the use of various cloud services, such as Microsoft's OneDrive service and HubSpot's CRM service.
The Company processes personal data in a manner that aims to ensure appropriate security and data protection of personal data. The Company uses appropriate technical and organisational safeguards to ensure this, including the use of firewalls, encryption technologies, secure equipment rooms, appropriate access control and access management, and training of staff and any subcontractors.
Contracts and other documents kept in original form are kept in locked premises to which access is restricted to authorised persons only. Paper copies are destroyed in a secure manner. All parties processing personal data are bound by a duty of confidentiality in relation to the processing of personal data of data subjects.
Data subjects have rights guaranteed by data protection legislation.
Right of access and right to inspect data
The data subject has the right to obtain confirmation as to whether personal data concerning him or her are being processed.
The data subject has the right to check and see the data concerning him or her and, on request, to receive the data in written or electronic form.
Right to rectification and erasure
The data subject has the right to request the correction of incorrect or inaccurate information. In addition, the data subject has the right to request the erasure of his or her data. The controller shall also delete, correct and complete, on its own initiative, any inaccurate, unnecessary, incomplete or outdated personal data which it has discovered in relation to the purposes of the processing.
Right to data portability, restriction of processing and objection to processing
Data subjects have the right to request the transfer of their data to another controller. In addition, the data subject has the right to request the restriction of the processing of personal data under the conditions set out in the data protection legislation. In addition, where the personal data suspected of being inaccurate cannot be rectified or erased or where there is uncertainty about the erasure request, the Company will restrict access to the data. The data subject has the right to object to the use of the data for certain types of processing. Data subjects have the right to object to the disclosure and processing of their data for direct marketing purposes.
Right to withdraw consent
Where the processing of personal data is based on the explicit consent of the user, the data subject has the right to withdraw his or her consent to the processing of data concerning him or her. Such withdrawal shall have no effect on the processing previously carried out.
Enforcement of rights
Requests concerning data subjects' rights are made in writing to the contact details above. The request must be accompanied by sufficient identifying information. The request will be responded to within a reasonable time and, where possible, within one month of the request and verification of identity at the latest. The Company may request additional information as necessary to comply with the above requests. If the data subject's request cannot be granted, the refusal will be communicated to the data subject in writing.
The data subject has the right to lodge a complaint with a data protection authority if he or she considers that his or her personal data have been processed in breach of the applicable legislation.
The company tracks traffic on its websites using cookies, with the help of Google Analytics. The user's browser automatically sends certain information to Google, such as the address of the webpage opened or the search term used to direct the user from Google's search engine to the Company's website.
The Company does not receive information about the user's IP address through Google Analytics, but data in an anonymous form, and the Company is therefore unable to directly identify the user. Google Analytics generates anonymous reports from the data obtained through cookies, which show, for example, the number of visitors, the website from which the visitor arrives at the Company's website, the duration of the website visit, whether the user has visited the website before and which pages of the website the user visits.
By monitoring website traffic, the Company improves websites to provide a better user experience. The user can prevent Google Analytics from collecting data. For more information on how to block, please visit Google's website.
Other cookies are also used on the company's websites. Other cookies are mainly used by the Company to collect information for marketing purposes, such as the functionality of newsletters, opening links and generating traffic to the Company's websites. Through these cookies, the Company collects, among other things, the IP address of the user, the website from which the user has arrived, how long the user has been on the website, which pages the user has visited and any search terms used by the user. The Company uses this information to improve the functionality of the websites and to improve the user experience and marketing.
The Company also uses other third party services on the websites and thus their cookies to share content from the Company's websites on social media. These service providers are Facebook and LinkedIn.
The user has the possibility to block, manage and delete cookies through the browser settings.